McAfee Enterprise MVISION Cloud

Create or Edit a Sanctioned DLP Policy

A Data Loss Prevention (DLP) policy defines the criteria for generating an incident and optionally sets specific actions that are triggered in response to the detected incident. Use the following procedure to create or edit a DLP policy for any MVISION Cloud Sanctioned IT Cloud Service Provider. You can apply a single DLP policy to multiple Cloud Service Providers, so long as all CSPs support the rules and responses in the policy.

Once you create your DLP policy, it is enabled by default. 

IMPORTANT: MVISION Cloud does not support importing or exporting policies or policy templates that include more than 50 rule groups or that exceed 64 KB in size, whichever limit is reached earlier.

To create or edit a DLP policy:

  1. Go to Policy > DLP Policies.
  2. Click Actions > Sanctioned Policy > Create New Policy. (See Create a Policy from a Template for information about templates.)
  3. Name. Enter a descriptive name to help identify the policy.
  4. Description. (Optional) Enter a description for your DLP Policy. 
  5. Deployment Type. Select an integration method. Some user actions and response actions depend on the deployment type you choose. Choose from:
    • API
    • Lightning Link
    • Reverse Proxy
  6. Services. Click Select Service Instances, then select the instances you want the policy to apply to from the list.
  7. Click Done.
  8. Users. Click Edit to select one of the options for Users to Include in the policy. 
    • All Users. Apply the policy to all users.  
    • Use a predefined dictionary. Apply the policy to users in a predefined dictionary. 
    • Manually enter users. Manually enter user emails in a list. Use a comma to separate email addresses. 
  9. Click Save.
  10. Add Exclusions. Select any Users to Exclude from the policy.
    • None. Do not exclude any users from the policy. 
    • Use a predefined dictionary. Exclude the users in a predefined dictionary from the policy.
    • Manually enter users. Manually enter user emails in a list. Use a comma to separate email addresses. 
  11. Click Save.
  12. User Groups. If your tenant has User Data (Active Directory) configured, click Edit to select the User Groups to include in the policy. 
  13. Click Done.
  14. Add Exclusions. Select any User Groups to exclude from the policy.
  15. Click Done.
  16. Click Next.
  17. Rules. Specify the rules that the policy will enforce. You can specify one or more rules or rule groups.
  18. Click AND to add another rule, if needed. 
  19. Click THEN to add a severity: Critical, Major, Minor, Warning, or Info. 
  20. Click New Rule Group to add more, if needed. 
  21. Click Add Exception. Add one or more exceptions, if needed. A DLP policy ignores any exception group within the policy. An exception group is ignored when ALL exceptions within the group match.
  22. Click Add Exception Group to add more. 
  23. Click Next.
  24. Response. Select one or more response actions that are triggered when the policy rules are matched. By default, all DLP policies create an incident.
  25. Click Done.
  26. Click Next.
  27. Click Save.